Automation: Friend or foe of data security teams?
From identity and access management to patching, automation has become a central part of enterprise operations and a critical element of any effective cybersecurity strategy.
The goal of automation is to transfer the maintenance burden and many manual tasks from security teams to applications that are dedicated to the task, freeing the skilled human workers to focus on more strategic initiatives. As such, automation is essential for all organizations to navigate today’s complex enterprise technology environments and stay abreast of current and future threats.
So, is it all smooth sailing for security teams and their automation counterparts? Not exactly. Though the technology provides the benefits enumerated above and many more, without the proper parameters automation can become less of a trusted ally and more of a worthy adversary by introducing some critical security vulnerabilities.
Read on for a few considerations to ensure that automation remains a friend to security teams:
“Automation” has become synonymous with “it just happens,” but in reality, automation shouldn’t actually be automatic and unsupervised: there should always be a degree of human involvement or oversight. For example, logs, alerts, or reports can update security teams on what has occurred automatically. This helps them maintain control over processes, and also guards against unintentional security vulnerabilities.
It’s also important that companies set limits around what automation can do, and ensure that humans are alerted to actions that could pose an issue, whether it’s a security problem or a simple workflow headache. In IAM automation, for example, a company may wish to implement a rule that triggers a manual action if a large number of user deletes are scheduled within a certain amount of time, to prevent an unintentional delete-all scenario.
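The delete-rate rule described above, sketched as an added example (not code from this article or from any IAM product). The class name `DeleteGuard`, the threshold of 5 deletes per hour and the sample batch are assumptions constructed for illustration.

```python
from collections import deque

class DeleteGuard:
    """Sliding-window limit on user deletes that latches until a human reviews."""

    def __init__(self, max_deletes=5, window_seconds=3600):  # assumed limits
        self.max_deletes = max_deletes
        self.window_seconds = window_seconds
        self._recent = deque()   # timestamps of deletes requested inside the window
        self.held = []           # deletes waiting for manual approval
        self.tripped = False     # stays True until review() is called
        self.audit = []          # (timestamp, event, detail) trail for the security team

    def submit(self, user_id, ts):
        """Record a scheduled delete (timestamps non-decreasing); return 'allow' or 'hold'."""
        while self._recent and ts - self._recent[0] >= self.window_seconds:
            self._recent.popleft()
        self._recent.append(ts)
        if not self.tripped and len(self._recent) > self.max_deletes:
            self.tripped = True
            self.audit.append((ts, "tripped", f"{len(self._recent)} deletes in window"))
        decision = "hold" if self.tripped else "allow"
        if self.tripped:
            self.held.append(user_id)
        self.audit.append((ts, decision, user_id))
        return decision

    def review(self, reviewer, approve, ts):
        """Manual action: release or discard held deletes, then re-arm the guard."""
        released = list(self.held) if approve else []
        self.audit.append((ts, "approved" if approve else "rejected", reviewer))
        self.held.clear()
        self._recent.clear()
        self.tripped = False
        return released

def run_constructed_batch():
    """Constructed input: routine offboarding, then a faulty sync scheduling 10 deletes."""
    guard = DeleteGuard(max_deletes=5, window_seconds=3600)
    routine = [(f"user{i}", i * 7200) for i in range(3)]      # one delete every 2 hours
    bulk = [(f"bulk{i}", 20000 + i) for i in range(10)]       # ten deletes in ten seconds
    decisions = [guard.submit(user, ts) for user, ts in routine + bulk]
    return guard, decisions

if __name__ == "__main__":
    guard, decisions = run_constructed_batch()
    print(decisions.count("allow"), "allowed;", len(guard.held), "held for review")
```

The threshold bounds how many deletes run before a person sees the batch, and the latch keeps later deletes on hold even after the time window has passed.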
Limit “Automation Sprawl”
Not all automation solutions are created equal, and each product has its own nuances and maintenance needs that require human involvement. This alone can create a challenge for security teams—after all, the more complex the solution, the more effort is required to keep it secure.
This issue is exacerbated when companies deploy automation solutions that rely on add-ons or external vendors to manage the product. Of course, no business can function without vendor collaboration, but as with anything, introducing a third party increases risk and raises the likelihood of a security incident.
For this reason, companies should closely review third parties and limit “automation sprawl,” replacing numerous point solutions with comprehensive products that offer a more integrated security approach whenever possible. Single automation solutions like Phantom, Swimlane, and Demisto can help as they keep automation to a single system, reducing the number of scripts running throughout the organization.
Keep an Eye on Privilege
We’ve established that human operators and developer teams are essential for automation solutions to function properly. However, as more individuals are involved in deploying, maintaining, and fine-tuning software, the risk of privilege escalation increases. Companies must ensure that bots have only the access and capabilities necessary to perform their respective functions—in essence, they should treat automation tools in the same manner as their human counterparts to avoid giving hackers the keys to the kingdom.
When organizations are mindful of the considerations outlined above, the security risks inherent in automation solutions can be avoided and companies can enjoy the efficiency benefits typically associated with the technology. However, it’s important to remember that automation tools are not the same as artificial intelligence solutions—although the terms are sometimes used interchangeably. It’s the latter technology that holds greater promise for actually preventing security breaches when coupled with machine learning and other advanced technologies.